Legal

Travel Rule Disclosure

Last updated: July 2, 2026

This disclosure explains how Furlpay complies with the Financial Action Task Force (FATF) Travel Rule — also known as FATF Recommendation 16 — when you send or receive virtual asset transfers through the Furlpay platform.

1. What is the Travel Rule?

The Travel Rule is an international anti-money-laundering (AML) standard established by the FATF that requires Virtual Asset Service Providers (VASPs) to collect, verify, and transmit certain originator and beneficiary information when processing virtual asset transfers. The rule extends the same obligations that have long applied to traditional wire transfers under the Bank Secrecy Act (BSA) and EU Funds Transfer Regulation to the world of cryptocurrency.

The Travel Rule is implemented in various jurisdictions through local legislation, including:

  • United States: FinCEN’s Funds Transfer Rule (31 CFR 103.33) and Funds Travel Rule (31 CFR 103.33(g)), applicable to transfers of $3,000 or more.
  • European Union: Transfer of Funds Regulation (TFR, Regulation (EU) 2023/1113), applicable to all crypto-asset transfers with no de minimis threshold.
  • Singapore: Payment Services Act (PSA) Notice PSN02, applicable to transfers of SGD 1,500 or more.
  • South Korea: Specified Financial Information Act, applicable to all virtual asset transfers.
  • India: PMLA rules as applied to virtual digital assets by the FIU-IND.

2. When does the Travel Rule apply?

Furlpay applies Travel Rule data-sharing obligations in the following circumstances:

  • VASP-to-VASP transfers above threshold: When you send or receive a virtual asset transfer of $1,000 USD (or equivalent) or more to/from a wallet hosted by another identified VASP. This threshold aligns with the FATF-recommended minimum; stricter local thresholds (e.g., EU TFR’s zero threshold) are applied where required.
  • Self-hosted wallet transfers: For transfers to or from unhosted (self-custodial) wallets above the applicable threshold, Furlpay may request additional information to verify wallet ownership, in compliance with EU TFR Article 14 and analogous local rules.
  • Structuring detection: Furlpay monitors for transaction structuring — the practice of splitting a large transfer into smaller amounts to avoid the Travel Rule threshold. Structured transactions may be aggregated and treated as a single transfer for compliance purposes.

Below-threshold transfers

Even for transfers below the Travel Rule threshold, Furlpay may collect and retain originator information as part of its broader AML/KYC obligations. This data is stored securely and shared only when required by law.

3. What data is shared?

When the Travel Rule applies, the following information about the originator (sender) and beneficiary (recipient) is collected and transmitted to the counterparty VASP:

Originator information

  • Full legal name
  • Furlpay account identifier (internal user ID or wallet address)
  • Physical address, or national identity number, or date and place of birth
  • The location and network of the originating wallet

Beneficiary information

  • Full legal name (as provided by the originator or the counterparty VASP)
  • Account identifier at the beneficiary VASP (wallet address or internal account ID)

For transfers to/from the European Economic Area, the full originator information is transmitted regardless of amount, in compliance with the EU Transfer of Funds Regulation (TFR).

4. VASP-to-VASP transmission protocols

Furlpay transmits Travel Rule data to counterparty VASPs using industry-standard, encrypted messaging protocols:

  • TRISA (Travel Rule Information Sharing Architecture): An open-source, peer-to-peer protocol using mTLS-encrypted gRPC connections between verified VASP nodes. Furlpay is a registered member of the TRISA Global Directory Service (GDS).
  • TRP (Travel Rule Protocol): The OpenVASP-based Travel Rule Protocol for VASPs that are not connected to TRISA. TRP uses end-to-end encrypted HTTPS messaging with VASP identity verification via the TRP directory.
  • Fallback: For VASPs not connected to either TRISA or TRP, Furlpay may use secure email (PGP-encrypted) or API-based integration as a temporary measure. If no secure channel can be established, the transfer may be delayed or declined.

All Travel Rule data transmissions are logged, encrypted at rest, and retained for a minimum of 5 years in accordance with AML record-keeping requirements.

5. Your rights

As a Furlpay user, you have the following rights with respect to Travel Rule data:

  • Transparency: You will be informed when Travel Rule data is being collected and shared as part of a transfer. A clear notice is displayed in the transaction-confirmation screen before you sign the transaction.
  • Access: You may request a copy of the Travel Rule data Furlpay holds about you by contacting privacy@furlpay.com or through Settings → Privacy → Data Rights.
  • Rectification: If your personal information is inaccurate, you may request correction. Note that corrections may require re-verification through our KYC provider (Persona).
  • Limitation on retention: Travel Rule records are retained for the minimum period required by law (typically 5 years from the date of the transfer). Records are securely deleted after the retention period expires.
  • Right to object: While you cannot opt out of Travel Rule data collection (as it is a legal obligation), you may choose not to initiate transfers that trigger Travel Rule requirements. In such cases, your data will not be shared with counterparty VASPs.

6. Privacy & security safeguards

Furlpay takes the following measures to protect Travel Rule data:

  • Travel Rule data is stored in a segregated, access-controlled database separate from general user data.
  • All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access to Travel Rule data is restricted to compliance personnel with a documented need-to-know basis.
  • Audit logs of all Travel Rule data access and transmissions are maintained and reviewed quarterly.
  • Travel Rule data is never used for marketing, analytics, or any purpose beyond regulatory compliance.

7. Questions & contact

If you have questions about how the Travel Rule affects your transfers or your data, please contact our Compliance team: